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Space Shuttle 


• Orbiter 

• External Tank 

• Solid Rocket 
Boosters 
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Space Shuttle Main 
Engine Installation 






Bridge Bucket 



Rotation Processing and Surge Facility 
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Unique Crane Requirements 

Handling one-of-a-kind, high-dollar equipment 

- Extreme safety hazards 

• Explosive ordnance 

• Toxic propellants 

• High pressure gasses 

- Precision spotting, inching and sometimes 
micro-inching capability 

- Fragile equipment (it’s like lifting an egg) 

- Program risk (flight hardware represents the 
end product of many years of work by a large 
conglomerate of companies) 


Enhanced Safety Crane Systems 


• Cranes cannot fail, this does not just mean protection 
from load drop. On some cranes we protect the load 
from uncommanded movement (i.e. the crane control 
system must sustain a failure of a control component 
and the load does not move) 

- This is easier said than done 

- Easier to achieve on Mechanical systems 

- Much harder top achieve on Electrical or Electronic 
/Microprocessor-based control systems 

• Cranes are designed to be single-failure-proof, no single 
component failure can cause the crane loose control of 
the load 

- Cannot allow an increase in speed, or reverse direction 

- A failure that causes the crane to slow down or stop is 
considered acceptable 


Enhanced Safety Mechanical Features 


ASME NOG-1 -2004, “Rules for Construction of 
Overhead and Gantry Cranes (Top Running 
Bridge, Multiple Girder)” 

- Covers mechanical “fail-safe” requirements 

- Includes items such as: 

• Emergency brake on the drum, or redundant load 
paths 

• Wire rope spool monitors 

• Increased design factors on components 

• Many other items too 
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Standard Hoist Mechanical Arrangement 



Mechanical 
Load Brake 
(Optional)- 
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Single Failure-Proof Hoist 




Typical Dual-Hoist Drive Unit 



VAB 325-Ton Crane Redundant Load Paths 





Enhanced Safety Electrical Features 


• Electrical Fail-Safe features are covered in 
industry standards (applicable to all cranes) 

- Loss of power stops motors and sets brakes placing 
the crane and load into a safe state 

• Emergency stop buttons are used at the 
operator’s station to remove all power to the 
crane and set the brakes and assure the load is 
safe 

- At Kennedy Space Center, a second “remote” 
emergency stop button is located at the point where 
the load is handled (two crane operators have the 
ability to stop the crane) 


Enhanced Safety Electronic Features 


• Electronic controls is not adequately covered by 
these standards, especially when 
microprocessor based systems are used 

• Today users are requiring more from the crane 
controls (and more electronic controls are used) 

- Precise control of load is required 

- Critical loads are handled in close proximity to other 
items 

- The time it takes an operator to react to incorrect load 
motion (push an emergency stop button) is too slow 
to prevent an accident 

• Also, can the operator see the load? 

• Is the operator able to perceive an incorrect load movement? 


Enhanced Safety Electronic Features 


• Electronic controls can add supervisory control 
systems that provides emergency shutdown 
features 

- Feedback circuitry, error checking, 
diagnostics 

- Automatic safety shutdown to keep the load 
safe is possible 

• Remove power from the crane — everything is safe 


Enhanced Safety Electronic Features 


• Reliability analysis should be completed to 
assure all parts can fail safely — including the 
supervisory controls 

- All parts will eventually fail — it’s just a matter 
of when 

- Control system design must accommodate 
these failures and keep the load safe 

- If not designed correctly, the failure of the 
supervisory controls can directly lead system 
failure 


Enhanced Safety System Architecture 
Incorrect (Serial) Configuration 


INPUTS 

(Pendant 

Station) 



Enhanced Safety System Architecture 
Correct Configuration 



Space Shuttle 
Solid Rocket Motor 
Handling 





Space Shuttle Solid Rocket Booster 
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Solid Rocket Motor Segment Mating 


















Crane Design Features 


• Enhanced Safety 
Design 

• Redundant mechanical 
load paths on the hoist 

• Supervisory controls 
independently monitor 
basic crane operation 
control system providing 
automatic safety 
shutdown 



Final Note 


• We have to do a lot to meet NASA enhanced safety 
requirements. 

• These requirements are there for many good 
reasons. They are valid and they have been 
embraced by the Kennedy Space Center team. 

• It is up to us to implement these requirements so 
that true “enhanced safety” design is achieved. 

• What has been presented here covers one of the 
most hazardous material handling applications. The 
custom supervisory control system is not for every 
critical application. If you are interested in “ultra 
safe” control systems, I would be glad to talk to you. 


QUESTIONS ? 


• Joe Torsani 
ioseph.a.torsani@nasa.qov 

• Brad Lytle 

bradford.p.lvtle@nasa.qov 
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International Space Station Overhead 
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